Abstract: According to an embodiment, an encryption device includes a symmetric-key operation unit; a division unit; an exclusive OR operation unit; a multiplication unit that performs multiplication on a Galois field; and a control unit that controls the above units. When the input data is divided into blocks of a predetermined length and the first mode of operation is designated on a (j−1)-th block, the control unit performs control such that the multiplication unit performs multiplication with a predetermined value based on the (j−1)-th block, performs control such that the exclusive OR operation unit sums a multiplication result and data of a j-th block, and performs control such that the exclusive OR operation unit sums an operation result of the exclusive OR operation unit and an operation result of the multiplication unit on the (j−1)-th block.
Abstract: An authentication device includes a unit that issues right transfer information that is to be transmitted to a service providing device and a token that corresponds to the right transfer information and is to be transmitted to a service proxy access device, on the basis of information about a user to whom a right is transferred and a condition under which the right is transferred; a unit that provides the token to the service proxy access device; and a unit that receives from the service providing device the token transferred from the service proxy access device and transmits to the service providing device the right transfer information that corresponds to the token and is kept by the authentication device.
Abstract: A method in an example embodiment includes correlating a first set of event data from a private network and determining a local reputation score of a host in the private network based on correlating the first set of event data. The method further includes providing the local reputation score of the host to a security node, which applies a policy, based on the local reputation score of the host, to a network communication associated with the host. In specific embodiments, the local reputation score of the host is mapped to a network address of the host. In further embodiments, the first set of event data includes one or more event indicators representing one or more events, respectively, in the private network. In more specific embodiments, the method includes determining a local reputation score of a user and providing the local reputation score of the user to the security node.
Type: Grant
Filed: April 10, 2012
Date of Patent: January 6, 2015
Assignee: McAfee Inc.
Inventors: Geoffrey Howard Cooper, David Frederick Diehl, Michael W. Green, Robert Ma
Abstract: A computer based system and method of providing document isolation during routing of a document through a workflow is disclosed. The method comprises maintaining a separate “working” copy of the original base document while the document is routed through a workflow. Access controls, which define who may access the original document as well as any versions of the working copy document, are defined and stored in relation to the documents. The access controls further define the types of actions users may take with respect to the document. Users are selectively directed to the appropriate document, either the base document or working copy, and selectively granted permission to perform publishing operations on the working copy document, as determined by the access controls.
Type: Grant
Filed: March 25, 2010
Date of Patent: December 30, 2014
Assignee: Microsoft Corporation
Inventors: Tanmoy Dutta, Alexander G. Balikov, Himani Naresh
Abstract: The disclosed subject matter provides for event driven permissive sharing of information. In an aspect, user equipment can include information sharing profiles that can facilitate sharing information with other devices or users, such as sharing location information. The information sharing profiles can include trigger values, such that when a target value transitions the trigger value, a permission value is updated to restrict access to sharable information. As such, event driven permissive sharing of information allows for designation of temporary friend information sharing with user-defined triggers.
Type: Grant
Filed: April 13, 2012
Date of Patent: December 30, 2014
Assignee: AT&T Mobility II LLC
Inventors: Sheldon Kent Meredith, Mario Kosseifi, John Pastore
Abstract: Media rights are managed to include not just device authentication, but to include elements of user, device, and service authorization. A user can play media on a mobile device, continue playing the media on a desktop computer, and subsequently move to a large screen television and media rights are automatically identified to provide the most appropriate authorized content. This allows an authorized user to seamlessly access different forms of the same content on a variety of authenticated devices using the same digital rights management mechanisms.
Abstract: A method and apparatus for a non-revealing do-not-contact list system in which a do-not-contact list of one-way hashed consumer contact information is provided to a set of one or more entities. The set of entities determine whether certain consumers wish to be contacted with the do-not-contact list without discovering actual consumer contact information.
Abstract: A method and system for securing data in a computer system provides the capability to secure information even when it leaves the boundaries of the organization using a data loss agent integrated with encryption software. A method for securing data in a computer system comprises detecting attempted connection or access to a data destination to which sensitive data may be written, determining an encryption status of the data destination, allowing the connection or access to the data destination when the data destination is encrypted, and taking action to secure the sensitive data when the data destination is not encrypted.
Type: Grant
Filed: March 14, 2008
Date of Patent: November 18, 2014
Assignee: McAfee, Inc.
Inventors: Elad Zucker, Eran Werner, Mattias Weidhagen
Abstract: A controller (900) for transferring media content rights between media devices comprising a memory (906), a user interface (910) and a transceiver (902). The memory (906) stores a list of media devices (914) capable of receiving the permissions associated with the media content from an originating device and an encryption key (920) that may be used to encrypt the permissions. The user interface (910) detects a user selection of a target device from the list of media devices (914). The transceiver (902) communicates an address (916) associated with the target device and the encryption key (920) to the originating device. Thus, the originating device is able to encrypt the permissions using the encryption key (920) and send the encrypted permissions to the address (916) associated with the target device.
Abstract: An authentication apparatus receives an authority delegating request from an apparatus, acquires information of authorities possessed by the user from a storage unit, presents information of the acquired authorities to the user, and receives an instruction indicating which of the authorities possessed by the user is delegated to the apparatus. A storage unit stores, when the instruction to delegate the authority to the apparatus is received, an identifier required to uniquely identify the instruction and the authority instructed by the user to delegate, in association with each other. Authentication information indicating delegation of the authority is transmitted to the apparatus based on the instruction from the user.
Abstract: Techniques for configuring and managing remote security devices are disclosed. In some embodiments, configuring and managing remote security devices includes receiving a registration request for a remote security device at a device for configuring and managing a plurality of remote security devices; verifying the registration request to determine that the remote security device is an authorized remote security device for an external network; and sending a response identifying one or more security gateways to the remote security device, in which the remote security device is automatically configured to connect to each of the one or more security gateways using a distinct Layer 3 protocol tunnel (e.g., a virtual private network (VPN)).
Type: Grant
Filed: August 31, 2011
Date of Patent: October 28, 2014
Assignee: Palo Alto Networks, Inc.
Inventors: Yueh-Zen Chen, Wilson Xu, Monty Sher Gill
Abstract: A computationally-implemented method, for certain example embodiments, may include, but is not limited to: identifying a network connection coupling a computer server to a computing device; and transmitting, via the network connection, a behavioral fingerprint associated with an authorized user of the computing device, the behavioral fingerprint providing at least one status of the authorized user with respect to the computing device. In addition to the foregoing, other example aspects are presented in the claims, drawings, and written description forming a part of the present disclosure.
Type: Grant
Filed: June 29, 2012
Date of Patent: October 21, 2014
Assignee: Elwha LLC
Inventors: Marc E. Davis, Matthew G. Dyor, Daniel A. Gerrity, Xuedong Huang, Roderick A. Hyde, Royce A. Levien, Richard T. Lord, Robert W. Lord, Mark A. Malamud, Nathan P. Myhrvold, Clarence T. Tegreene
Abstract: Personal Digital Server (“PDS”) is a unique computer application for the storage, updating, management and sharing of all types of digital media files, including audio, video, images and documents, irrespective of their format. PDS provides users with a single location to store and access, both locally and remotely, all of their digital media. It also provides the user total control of the overall management of these assets.
Abstract: A distributed and coordinated security system providing intrusion detection and intrusion prevention for the virtual machines (VMs) in a virtual server is described. The virtualization platform of the virtual server is enhanced with networking drivers that provide a “fast path” firewall function for pre-configured guest VMs that already have dedicated deep packet inspection security agents installed. A separate security VM is deployed to provide virtual security agents that perform deep packet inspection for guest VMs that are not pre-configured. The network drivers are then configured to intercept the data traffic of these guest VMs and route it through their corresponding virtual security agents, thus providing a “slow path” for intrusion detection and prevention.
Abstract: A self-encrypting drive allows finely grained control, i.e., the ability to create, protect, lock and unlock, of different volumes on the same drive. The different volumes enable multiple different operating systems to be booted, depending on the volume that is selected for booting.
Type: Grant
Filed: September 12, 2011
Date of Patent: October 7, 2014
Assignee: Microsoft Corporation
Inventors: Grigory B Lyakhovitskiy, Michael H. Tsang
Abstract: A method and apparatus for preventing an IDT-based security sandbox from causing a kernel panic when using a call gate is disclosed. The method comprises receiving a request from an application to create a secure sandbox, wherein epilog code is mapped into the application upon receiving the request; enabling a call gate, wherein the call gate defines a location of call gate target code for enabling the secure sandbox; executing the epilog code to facilitate an interrupt disable instruction; jumping through the call gate; and enabling the secure sandbox.
Abstract: The disclosure relates to systems and methods for targeted messaging, workflow management, and digital rights management for geofeeds, including content that is related to geographically definable locations and aggregated from a plurality of social media or other content providers. The system may facilitate targeted messaging to users who create content. The targeted messaging may be based on the content (or location related to the content) such as a request for additional information or a promotional message. The system may generate workflows that allow management of the content with respect to operational processes of an entity that wishes to use the content and facilitates the management of usage rights related to the content as well as payments related to such usage rights. For example, the system may store whether content requires permission to use the content and/or whether such permission was obtained and facilitates payment.
Type: Grant
Filed: March 7, 2013
Date of Patent: September 30, 2014
Assignee: Geofeedia, Inc.
Inventors: Philip B. Harris, Scott K. Mitchell, Michael J. Mulroy
Abstract: JavaScript on webpages linked to by URLs in messages is identified and the JavaScript is extracted. The JavaScript is then subjected to a JavaScript execution and analysis process whereby the JavaScript is executed in the context of a simulated web browser. The behavior of the JavaScript is then analyzed to identify one or more of: any URLs to be redirected to; any further executable JavaScript; and any content dynamically written to the webpage. The results are then either recursed into or are recorded and used to aid in the identification of spam messages.
Abstract: In one embodiment, a security device receives one or more first unique identifications of packets sent by a first device to a second device for which a corresponding acknowledgment was purportedly returned by the second device to the first device. The security device also receives one or more second unique identifications of packets received by the second device from the first device and acknowledged by the second device to the first device. By comparing the first and second unique identifications, the security device may then determine whether acknowledgments received by the first device were truly returned from the second device based on whether the first and second unique identifications exactly match.
Type: Grant
Filed: August 22, 2011
Date of Patent: August 12, 2014
Assignee: Cisco Technology, Inc.
Inventors: Shmuel Shaffer, Jean-Philippe Vasseur, Jonathan W. Hui
Abstract: A logical unit number management device includes: an access processing unit that performs information processing with access objects by using logical unit numbers for identifying logical identification information; a logical unit number management table storage unit that stores a logical unit number management table storing a corresponding relationship between the logical identification information and the logical unit numbers; a logical unit number management table changing unit that changes the corresponding relationship based on an external change request; a change completion reporting unit that reports change completion to the access processing unit when the logical unit number management table has been changed in accordance with the change request; and an access control unit that controls an access to the access object indicated by the logical identification information corresponding to one of the logical unit numbers after a report of the change completion.